Senior Penetration Testing Analyst collaborating with DoD and other teams on cybersecurity solutions. Conducting penetration tests and assessments to enhance security across various environments.
About the role
- Product Security Engineer at Junglee Games ensuring security is integrated into each stage of the software development lifecycle. Collaborate across teams and harden the security of products and platforms.
Responsibilities
- Lead security architecture and design reviews, threat modelling activities, and secure code assessments across multiple product lines.
- Design and maintain security guardrails within automated pipelines to identify vulnerabilities, hardcoded secrets, and insecure dependencies before they reach production.
- Harden cloud infrastructure security across AWS/Azure/GCP by implementing least-privilege IAM policies, monitoring workloads, and managing Cloud Security Posture (CSPM).
- Maintain and improve the security posture of cloud environments through identity hardening (IAM), workload monitoring, and continuous posture assessment.
- Perform deep-dive security assessments across web, mobile, and API surfaces, with a particular focus on complex authentication and authorization logic.
- Proficiency with a variety of security scanners (SAST/DAST/SCA) and the ability to integrate them into modern CI/CD workflows.
- Evaluate and secure modern application features, including AI-driven integrations and LLM-based interfaces.
- Assist developers with secure coding practices and remediation.
- Experience managing bug bounty programs or coordinating vulnerability disclosure processes.
Requirements
- 6+ years of experience in Product Security, Application Security.
- Deep understanding of the Secure Software Development Lifecycle and how to bake security into it.
- Knowledge and experience in web application security testing, vulnerability assessment, penetration testing, and generating reports.
- Solid understanding of Amazon Web Services (AWS) including VPC, ELB, IAM, KMS, EC2, S3, CloudTrail, CloudFormation, CloudWatch, Cloud HSM, AWS Encryption SDK, RDS, ELB, AWS Route 53, CloudFront, SNS, Containers.
- Hands-on experience securing cloud-native environments with a focus on IAM, VPC security, and serverless/container security (Kubernetes/Docker).
- Understanding of security frameworks and standards like OWASP & NIST.
- Solid understanding of security protocols, cryptography, authentication, authorization
- Identify security tools and lead operationalization of solutions from POC to Production Security Tooling: Proven track record of integrating and tuning SAST, DAST, and SCA tools (e.g., Snyk, Checkmarx, Wiz, or GitHub Advanced Security) within CI/CD pipelines.
- Experienced with Threat Modeling frameworks (STRIDE, PASTA) and the ability to conduct architectural risk assessments.
- Design a secure application release automation process to make security an integral part of the CI/CD pipelines.
- Ability to not just find bugs, but to work with engineering leads to prioritize and fix high-risk vulnerabilities across large codebases.
Benefits
- Health insurance
- Flexible working hours
- Professional development
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Senior Cybersecurity Documentation Specialist managing Risk Management Framework initiatives for Leidos. Supporting cybersecurity documentation and compliance activities across departments with a focus on national security.
Security Engineer role at Contour Software focused on IT administration and security operations. Ensuring tools and systems are secure and aligned with best practices across the organization.
First Vice President driving Axos Bank's information security strategy and leading a high - performing team. Architecting solutions and leading technical initiatives within a fast - paced environment.
Mid to Senior Data Engineer joining CrowdStrike's Cloud Identity & Perimeter team. Focus on developing and maintaining complex data pipelines and security analytics at scale.
Cybersecurity Assessor evaluating enterprise systems for vulnerabilities and compliance. Engaging in assessments and reporting within a hybrid work structure based in Brooklyn Heights, NY.
Security Business Analyst engaging in requirements gathering, risk assessments, and stakeholder liaison. Supporting measurable security outcomes with comprehensive documentation in a hybrid work setup.
Senior Software Engineer developing engaging gamified learning experiences for cybersecurity awareness. Driving technical leadership and product ownership in a rapidly growing team.
Cyber Security Engineer providing cybersecurity support for SCADA, OT networks and industrial control systems at Vestas. Collaborating with cross - functional teams to ensure secure operations in offshore wind farms.
Senior Consultant in IT Security guiding clients through IT projects and security strategies. Analyzing vulnerabilities and leading project tasks while ensuring quality and timely delivery.